From: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
---|---|
To: | Rushabh Lathia <rushabh(dot)lathia(at)gmail(dot)com> |
Cc: | pgsql-bugs(at)postgresql(dot)org, Rushabh Lathia <rushabh(dot)lathia(at)enterprisedb(dot)com> |
Subject: | Re: Server crash while trying to read expression using pg_get_expr() |
Date: | 2010-06-03 07:37:10 |
Message-ID: | 4C075BA6.8080207@enterprisedb.com |
Lists: | pgsql-bugs pgsql-hackers |
On 03/06/10 10:21, Rushabh Lathia wrote:
> Server crash while trying to read expression(wrong) using pg_get_expr().
>
> postgres=# SELECT pg_get_expr('{FUNCEXPR', 1255);
> server closed the connection unexpectedly
> This probably means the server terminated abnormally
> before or while processing the request.
> The connection to the server was lost. Attempting reset: Failed.

In readfuncs.c, we don't check the return value of pg_strtok, and pass a
NULL to atoi(). The fix is pretty straightforward, we just have to be
more careful with validating the input, see attached patch.

However, I'm afraid we're lacking in input validation of read-funcs in
general. After some random hacking, I found this:

postgres=# SELECT pg_get_expr('{FUNCEXPR 1 2 3 4 4 5 6 7 8 9 9 } }', 1255);
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.

Which still crashes despite the patch. Does anyone have an idea on how
to validate the input in a more wholesale fashion, so that we don't need
to plug these holes one by one?

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
Attachment | Content-Type | Size |
---|---|---|
pg_get_expr-fix-1.patch | text/x-diff | 6.6 KB |
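
The failure mode described in the message above (a tokenizer that returns NULL at end of input, with the result passed unchecked to atoi()), shown next to a checked reader. This is an added example, not part of the original e-mail, the attached patch, or PostgreSQL's source; `next_token`, `read_int_field` and `parse_funcexpr_prefix` are hypothetical names, and the input format is a simplified stand-in for the real node-string format.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a pg_strtok-style tokenizer: returns the next
 * whitespace-delimited token and its length, or NULL at end of input. */
static const char *next_token(const char **cursor, size_t *len)
{
    const char *p = *cursor + strspn(*cursor, " \t\r\n");
    if (*p == '\0')
        return NULL;            /* input ended before the expected field */
    *len = strcspn(p, " \t\r\n");
    *cursor = p + *len;
    return p;
}

/* Unchecked pattern from the message, kept as a comment because it
 * dereferences NULL on truncated input: atoi(next_token(&cur, &len)); */
/* Checked reader: false on a missing token, non-numeric text, or overflow. */
bool read_int_field(const char **cursor, int *out)
{
    size_t len;
    char buf[32], *end;
    const char *tok = next_token(cursor, &len);
    if (tok == NULL || len >= sizeof(buf))
        return false;
    memcpy(buf, tok, len);      /* token is not NUL-terminated in place */
    buf[len] = '\0';
    errno = 0;
    long v = strtol(buf, &end, 10);
    if (end == buf || *end != '\0' || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return false;
    *out = (int) v;
    return true;
}

/* Returns 1 if the input starts with "{FUNCEXPR" followed by an integer. */
int parse_funcexpr_prefix(const char *input)
{
    const char *cur = input;
    size_t len;
    int id;
    const char *tok = next_token(&cur, &len);
    if (tok == NULL || len != 9 || strncmp(tok, "{FUNCEXPR", 9) != 0)
        return 0;
    return read_int_field(&cur, &id) ? 1 : 0;
}
```

A caller that gets a failure from the checked reader can report a malformed-input error and stop, which is the per-field form of the validation the message says is missing.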